IdentityServer3.WsFederation

WS-Fed Endpoint usernamemixed

Open joelhaslerfhnw opened this issue 9 years ago • 3 comments

Hi

We currently use ADFS 3.0 as a «protocol Gateway» to authenticate SharePoint 2013 against our SAML2-based Identity Provider (Shibboleth). We are investigating if we can replace the ADFS Server with a solution based on IdentityServer3 with the WS-Federation plugin together with Kentor Authentication Services (https://github.com/KentorIT/authservices). In our Proof of Concept Environment 95% works like a charm, but there is one simple part missing so that we can replace ADFS definitely. We use a special endpoint from ADFS (/adfs/services/trust/13/usernamemixed) to get a SAML Token based on Username and Password from the Identity Provider "Active Directory". We need this in SharePoint to be able to get the current user context in a web service, because with ADFS and SharePoint by default the impersonation will be done with the IUSER and not with the currently logged-in user. Do you know if this can also be implemented in IdentityServer3?

Many Thanks for your help. Cheers, Joël

joelhaslerfhnw avatar Jun 03 '16 12:06 joelhaslerfhnw

That's a WS-Trust endpoint. We don't support that - and it cannot easily be added.

leastprivilege avatar Jun 03 '16 12:06 leastprivilege

Thank you very much for the fast answer! But it is possible to add the functionality, it is just a question of time, priority and of course money?

joelhaslerfhnw avatar Jun 03 '16 13:06 joelhaslerfhnw

Everything is a question of money ;)

leastprivilege avatar Jun 03 '16 15:06 leastprivilege